Brian Sims
Editor

Security: The Boardroom ‘Blind Spot’ That Must Be Fixed

CYBER SECURITY is one of the biggest existential threats to modern business, yet it remains a ‘blind spot’ in too many Boardrooms, writes Harry Bowlby. Look around your next senior management meeting. Is there a member of your senior management with responsibility for IT security at the table? If not, why not?

Security is not just an IT Department issue. Rather, it has ramifications for every business function, with the potential to impact revenue, reputation and resilience and even determine regulatory survival.

We work with businesses on a daily basis to deliver secure and high-performance connectivity. We see first-hand the risks companies are taking with their networks, data and infrastructure. We also witness the fall-out when those risks materialise as ransomware attacks shut down operations or data breaches erode customer trust.

Too often, it’s only after an attack that Boards start asking questions. Why did we not see this coming? Who was responsible? How much is this going to cost us? By then, it’s too late.

A member of your senior management team with responsibility for cyber security at the Boardroom table could have identified the warning signs, anticipated threats and taken steps to mitigate risks before they escalated.

Security: why it’s a leadership issue

The greatest mistake Boards of Directors make is believing security is a problem for IT to manage in a silo. It’s not. Cyber security is a business risk every bit as critical as financial mismanagement, supply chain vulnerabilities or regulatory non-compliance. Leadership must take ownership of security strategy rather than delegating it entirely to technical teams.

A member of your team managing cyber threats across the business is not simply there to explain security threats. Their role is to align security strategy with business objectives and ensure the organisation is making informed decisions about risk.

Business leaders should be asking some key questions:

*How do security policies directly affect revenue and operational resilience?

*What are the financial and legal consequences of a breach?

*Which emerging threats could disrupt business operations in the next 12-to-24 months?

Avoiding these discussions doesn’t eliminate the risk. It simply leaves the organisation unprepared when the inevitable occurs.

In my experience, looking at cyber-focused frameworks or certifications, including Cyber Essentials and ISO 27001/ISO 27002, provides a solid foundation of what businesses need to consider when it comes to cyber threats and bolstering their defences.

Network security: the weakest link

For organisations that depend on telecoms and connectivity, security is not just about data protection. It’s fundamental to uptime, reliability and trust. However, many businesses overlook serious vulnerabilities in their networks, including:

*Unsecured connections that expose critical systems to attacks

*Weak remote access controls that create easy entry points for cyber criminals

*Poorly segmented networks that allow threats to spread without containment

These risks are not theoretical. Cyber criminals are increasingly targeting telecoms infrastructure as a gateway to disrupt entire industries. A single unsecured network is potentially an operational failure waiting to happen. It can allow attackers to move laterally across systems, disrupt essential services and compromise critical infrastructure, in turn leading to cascading failures across an organisation’s supply chain and partner ecosystem.

Telecoms providers must set higher security standards, not just for their own infrastructure, but also for the industry as a whole.

Ransomware: the foreseeable crisis

If there’s one cyber security issue the Board should be laser-focused on, it’s ransomware. Why? It’s a clear and present danger to every business.

The numbers don’t lie. In 2023, ransomware accounted for approximately seven in ten of all reported cyber attacks worldwide. The average ransom demand in 2024 was $2.73 million (an increase of almost $1 million from 2023).

The most common tactics bad actors use to deploy ransomware attacks are e-mail phishing campaigns plus RDP and software vulnerabilities. Boards that don’t have a clear strategy for preventing and mitigating ransomware attacks are failing in their responsibility to protect the organisation.

Organisations that neglect security as a strategic priority are already at risk. A senior member of the team at the leadership table ensures that security is integrated into business strategy, risk management and investment decisions. That individual:

*Guides security investments, ensuring the organisation is prepared for actual threats rather than just meeting compliance requirements

*Bridges the gap between security teams and executives, ensuring leadership understands the implications of security risks

*Ensures accountability for security-related decisions and their impact on business objectives

*Acts as an early warning system, identifying and mitigating threats before they escalate into crises

Security leaders are not just responsible for risk management. They enable business continuity, build trust and ensure that security is a competitive strength rather than a vulnerability.

Ensuring business continuity

Across all industries, we must ensure business continuity in an environment where connectivity underpins everything. Businesses that treat security as a secondary concern will not only be vulnerable to attacks, but also struggle to maintain service reliability, compliance and customer confidence.

A poorly secured network is both a weak point and a liability that can lead to operational downtime or service disruptions. The cost of mitigating security failures after the fact far exceeds the investment required to prevent them in the first place.

In addition to network security, the growing shift to the cloud is increasing the risk for businesses, with malicious actors now having a new attack vector.

We must keep security front and centre. It’s an operational necessity. With the right approach, you can operate with confidence, adapt to future challenges and transformation projects and, most importantly, ensure an uninterrupted flow of services upon which your customers and industries can rely.

Organisations that embed security into their strategic plans will unlock new opportunities for growth as well as protect their operations on an effective basis. Security is a prerequisite for success in a connected world.

Harry Bowlby is Managing Director of Spitfire Network Services (www.spitfire.co.uk)
